# This controller handles the login/logout function of the site.  
class SessionsController < ApplicationController
  # Be sure to include AuthenticationSystem in Application Controller instead
  include AuthenticatedSystem

  # render new.rhtml
  def new
  end

  def create
    self.current_account = Account.authenticate(params[:login], params[:password])
    if logged_in?
      if params[:remember_me] == "1"
        current_account.remember_me unless current_account.remember_token?
        cookies[:auth_token] = { :value => self.current_account.remember_token , :expires => self.current_account.remember_token_expires_at }
      end
      current_user = current_account.user
      if current_user.is_freeze == 1
        remove_login_info
        redirect_user_freeze
        return
      end
      redirect_back_or_default(user_path(current_user))
    else
      render :action => 'new'
    end
  end

  def destroy
    remove_login_info
    redirect_back_or_default(login_path)
  end

  def redirect_user_freeze
    render :template => "/common/user_freeze.html"
    return false
  end

  def remove_login_info
    self.current_account.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
  end
end
